The postings on this site solely reflect the personal views of each author and do not necessarily represent the views, positions, strategies or opinions of IBM or IBM management. IBM reserves the right to remove content deemed inappropriate.

IBM Intrusion Prevention Solutions Lead in Recent Third-party Testing

This post was contributed by Brian Fitch, Product Manager for Network Protection.

The Tolly Group has just released a security efficacy report on the IBM Security Network IPS GX7800. The GX7800 was compared to open source SNORT version 2.9.3.1 and the latest (as of the time of testing) Sourcefire VRT (Vulnerability Research Team) updates.

The test consisted of a group of vulnerabilities with publicly available exploits. In the initial testing, the publicly available exploits were injected into network traffic. Both technologies performed well in detecting and blocking the attacks. The IBM GX7800 appliance blocked 99% of the attacks and SNORT blocked 91% of the attacks.

The testing then moved on to mutated attacks, that is, exploits that have a portion of their code changed. The code change does not affect which vulnerability is targeted or how it is exploited. This matters because it illustrates how well a technology shields the vulnerability itself against multiple exploit variants, as opposed to catching only a single known variant. A mutated exploit can still succeed against the vulnerability when the detection technology no longer recognizes it. The IBM GX7800 blocked 100% of the mutated attacks because its Protocol Analysis Module recognized that the new attacks were still targeting the vulnerability, even though a portion of the exploit code had changed. SNORT blocked only 52% of the mutated attacks.
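To make the difference between the two approaches concrete, here is an added example (not from the Tolly report or either product) using a hypothetical line-based protocol with an assumed 64-byte argument buffer: a content signature written for one exploit's filler bytes misses a mutated variant, while a check on the vulnerability condition itself (an over-long argument) catches both.

```python
"""Constructed illustration: exploit-signature matching vs. vulnerability-condition
(protocol-analysis) detection against mutated exploits. Hypothetical protocol."""
import re

# Hypothetical protocol: one ASCII command line "CMD <arg>\n". Assume the
# receiving implementation copies <arg> into a fixed 64-byte buffer unchecked.
MAX_ARG_LEN = 64

# Exploit-signature rule: matches the filler bytes of one specific exploit variant.
SIGNATURE = re.compile(rb"A{40}")


def signature_detect(packet: bytes) -> bool:
    """Content match: fires only on the exact exploit variant it was written for."""
    return SIGNATURE.search(packet) is not None


def protocol_detect(packet: bytes) -> bool:
    """Vulnerability-condition check: parse the protocol and flag any argument
    longer than the vulnerable buffer, whatever bytes it contains."""
    m = re.match(rb"CMD (.*)\n", packet, re.DOTALL)
    if m is None:
        return False  # not this protocol; nothing to judge
    return len(m.group(1)) > MAX_ARG_LEN


# Constructed sample traffic.
BENIGN = b"CMD hello\n"
ORIGINAL_EXPLOIT = b"CMD " + b"A" * 100 + b"\n"
MUTATED_EXPLOIT = b"CMD " + b"B" * 100 + b"\n"  # same overflow, different filler


def evaluate() -> dict:
    """Return, per sample, whether each detection approach flags it."""
    samples = {"benign": BENIGN, "original": ORIGINAL_EXPLOIT, "mutated": MUTATED_EXPLOIT}
    return {name: {"signature": signature_detect(p), "protocol": protocol_detect(p)}
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:9s} signature={r['signature']!s:5s} protocol={r['protocol']}")
```

The mutated sample keeps the overflow but changes the filler, so only the protocol-level check flags it; the benign line passes both.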

The report also includes information on test configuration, equipment and technologies used, CVEs involved, as well as examples of exploit mutations. Performance capabilities of the GX7800 are also covered, including throughput metrics from both ‘drop’ and ‘forward’ operating modes of the appliance.